Week 41 In Review

RSA Europe Conference Wrap-up – blog.rootshell.be
This is my wrap-up of the last RSA Conference which occurred in London. As usual, it’s a mix of t-shirts and ties. But, vendors followed the rules of the game and came with less promotional material for their next-top-ultra-last-generation-solution-to-beat-all-hackers-from-outer-space.

665 Scada Bugs Presentation From DerbyCon – digitalbond.com
Terry McCorkle’s presentation at DerbyCon, 100 Bugs in 100 Days: An Analysis of ICS (SCADA) Software is available online. He did this research in his spare time with Billy Rios, and it is informative technically and culturally.

Dirty little secrets revelaed by ethical hackers – blogs.computerworld.com
The flipside of AntiSec hackers are penetration testers, the ethical version of elite hackers who get to play like bad boys sneaking into a system. These ethical hackers pentest the security of networks or computer systems for potential vulnerabilities that could be used by malicious attackers.

Penetration Testing Tools Update: New Version of EAPeak Released – code.google.com/p/eapeak/
SecureState is releasing an updated version of EAPeak today. EAPeak is a suite of source tools to facilitate auditing of wireless networks that utilize the Extensible Authentication Protocol framework for authentication. It is meant to give useful information relating to the security of these networks for PenTesters to use while searching for vulnerabilities.

New Tool Release ‘Artillery” for Linux Protection – secmaniac.com
Over the past few months I’ve been working on a side project when I had some spare time. I’m releasing the 0.1 alpha pre-release edition of Artillery. Artillery is a combination of a honeypot, file monitoring and integrity, alerting, and brute force prevention tool. It’s extremely light weight, has multiple different methods for detecting specific attacks and eventually will also notify you of insecure nix configurations.

Task Manager Runs on 64-bit Excel – blog.didierstevens.com
I’m releasing a new version of TaskManager.xls that runs on Excel 2010 64-bit too. The previous version ran on 64-bit Windows, provided you used Excel 32-bit. But this new version runs on both implementations of Excel.

Techniques

Routerpwn: A router exploitation framework – youtube.com
Routerpwn is a mobile exploitation framework that helps you in the exploitation of vulnerabilities in network devices such as residential and commercial routers, switches and access points. It is a compilation of ready to run local and remote web exploits.

NMap & Pass-the-hash – josephpierini.blogspot.com
Let’s speed up pwning the Enterprise another notch. In this scenario, we’ve obtained an account hash through a Man-in-the-Middle attack using, say, Easy-Creds. In my prior blog posts I showed how to automate a psexec attack across an entire IP range or list.

A Faster psexec Attack – josephpierini.blogspot.com
So, I got some pretty harsh feedback from my first blog post. “You really suck at scripting”, they said. “You’re a script-kiddie’s script-kiddie!”, they yelled. “What if I wanted to pass a list of IPs, smart boy? How would you do that?” I tried not to get defensive and replied, “Jeez Mom, relax, I’ll come up a solution.”

Standalone Exploits Suck – community.rapid7.com
There are many reasons why writing Metasploit exploit modules and submitting them to the Metasploit framework is a good idea. You’re not only going to help the community / professionals, but it will force you to think about various aspects of writing exploits and that should result in a better exploit.

HTTP Response Splitting Attack – resources.infosecinstitute.com
In this paper we will discuss HTTP Response Splitting and how the attack can actually be carried out. When we’re clear about how it works, because it is an often misunderstood topic, we’ll then look at how Response Splitting can be used to carry out Cross Site Scripting(XSS).

Breaking Encrypted Data Using Burp – blog.sportswigger.net
Burp Intruder now has a further payload type, suitable for automatic testing for vulnerable ECB-encrypted data. The theory behind these vulnerabilities is described on pages 224-226 of WAHH2e. Here, I’ll briefly describe an example of the vulnerability, and show how it can be exploited using Burp.

Tips For Evading Anti-Virus During Pentesting – pen-testing.sans.org
You know the old saying… “Give a man a backdoor undetected by antivirus and he pwns for a day. Teach a man to make backdoors undetected by antivirus and you will get free drinks for life at DEF CON.”

DNS Sinkhole Parser Script Update – sc.sans.edu
Those using the DNS Sinkhole ISO that I have made available on the Whitehats.ca site can now download the most current version of sinkhole_parser.sh script between new ISO releases. The script contains new lists that were not part of the 7 July 2011 release.

Vendor/Software Patches

Microsoft Patch For October
Microsoft released eight security updates on Tuesday, repairing 22 security holes in its October patch release, with 12 of the 22 described as “consistently exploitable” by the company.

Apple releases OS X 10.7.2 and iOS 5 with enormous security patch – nakedsecurity.sophos.com
Beginning with OS X 10.7.2/Security Update 2011-006 for OS X 10.6 there are 75 known vulnerabilities that are fixed with these updates. Most could lead to arbitrary code execution, while others lead to denial of service or privilege escalation. It weighs in at a whopping 880MB with recovery download.

Other News

Vulnerability Whistleblower Punished
Proving that shoot-the-messenger ham-fistedness isn’t dead, First State Super – which handles much of the superannuation of the NSW public service, among other things – exhibited with a Website flaw so basic the customer should be seeking out the designer with pitchforks and torches, and wants to punish the researcher for alerting it to the problem.

Scientists Break Card That Secures Homes, Office, Transit – theregister.co.uk
Scientists have circumvented the encryption used to protect a smartcard that’s widely used to restrict access in corporate and government buildings, and to process payments in public transit systems, a feat that makes it possible to clone perfect replicas of the digital keys and steal or modify their contents.

RSA Europe Conference a waste of time? – roer.com
The RSA Europe conference is a traditional vendor centric conference with all the frills and free booze that comes with such conferences. As is expected, it also consists of speaking tracks, panel discussions and group sessions designed to promote the sponsors. And of course a trade show where you can let yourself be seduced by the sales crews who hunt you like hungry wolfs.

Firewalls, Software Patches Block Almost All PC Infections – blog.laptopmag.com
Two recent studies confirm what many security experts already know: Ninety-nine percent of Windows-based malware attacks can be stopped by the simple steps of turning on firewalls and applying routine software updates.

The Greatest Security Vulnerability: You – zdnet.com
Believe it or not, the greatest threat to your personal or corporate computing environment is you. You put your personal and collective corporate security at risk every day by just being you.

Zero-Day Attacks: Don’t Believe The Hype – community.rapid7.com
Microsoft Security Intelligence Report Volume 11 for the first half of 2011 offers solid evidence to support what security researchers have been shouting feverishly for the last year. This is just more data to confirm that zero-day attacks – while they can certainly cause damage – aren’t needed for over 99% of actual attacks. The numbers also show that the top two attacks are user related.

About Us

Infosec Events is dedicated to the growing information security industry. We strive to provide useful information and resources to those in the industry. Don't hesitate to contact us should you need anything.